Go modules package
github.com/open-policy-agent/opa
pkg:golang/github.com/open-policy-agent/opa
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46569 | Hig | — | < 1.4.0 | 1.4.0 | May 1, 2025 | Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query | |
| CVE-2024-8260 | — | < 0.68.0 | 0.68.0 | Aug 30, 2024 | A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA | ||
| CVE-2022-36085 | — | >= 0.40.0, < 0.43.1 | 0.43.1 | Sep 8, 2022 | Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if en | ||
| CVE-2022-33082 | — | < 0.42.0 | 0.42.0 | Jun 30, 2022 | An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2022-28946 | — | < 0.40.0 | 0.40.0 | May 19, 2022 | An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | ||
| CVE-2022-23628 | — | >= 0.33.1, < 0.37.2 | 0.37.2 | Feb 9, 2022 | OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse an |
- affected < 1.4.0fixed 1.4.0
Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query
- CVE-2024-8260Aug 30, 2024affected < 0.68.0fixed 0.68.0
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA
- CVE-2022-36085Sep 8, 2022affected >= 0.40.0, < 0.43.1fixed 0.43.1
Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if en
- CVE-2022-33082Jun 30, 2022affected < 0.42.0fixed 0.42.0
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2022-28946May 19, 2022affected < 0.40.0fixed 0.40.0
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
- CVE-2022-23628Feb 9, 2022affected >= 0.33.1, < 0.37.2fixed 0.37.2
OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse an